Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Privacy Notice for Applicants

 

According to the requirements of art. 13 GDPR related to the information obligations, this privacy notice provides you with information on OpenSynergy’s data processing activities regarding your application:


Data processing responsible in the frame of the application process is

 

OpenSynergy GmbH
Rotherstraße 20
10245 Berlin

Germany
E-Mail: info@opensynergy.com


Our data protection officer


We have appointed a data protection officer for OpenSynergy. You have the possibility to contact our data protection officer using our postal address or at the email below:


datenschutz@opensynergy.com.


Type and purpose of the data processing

 

If we have received data from you, we will only process it for the purpose for which we have collected it.


These purposes are usually:

  • the justification and the establishment of an employment relationship in the course of an application process
  • the entry in our applicant pool in order to identify any possible vacancies of interest to you and eventually contact you again


With the reception and the processing of your application, we collect the following data:

  • first and last name
  • address
  • telephone number
  • job description
  • email address
  • further data you provide in your application materials (CV, certificates)


If you provide us with additional personal data about yourself (e.g. a photo) that is not required, this is done on the basis of your voluntary decision.

 

Legal basis of the data processing


Legal basis for processing your application is art. 6 para. 1 sentence 1 lit. b and art. 88 para. 1 GDPR in connection with § 26 para. 1 sentence 1 BDSG/Bundesdatenschutzgesetz (federal data protection act). If you application is unsuccessful, your data will be processed in the applicant pool on the basis of your consent in accordance with art. 6 para. 1 lit. a GDPR. Please note you can revoke this consent at any time by sending us an e-mail to datenschutz@opensynergy.com.

 

How long shall the data be stored?

 

  • employment: if we conclude an employment contract with you, we store the data we collect and the data you voluntarily provide for the duration of your employment relationship respectively for the legally required retention period.
  • rejection: if we reject your application, we will save your application data for a maximum of six months after your application has been rejected.
  • applicant pool: if you have given us your separate consent, we will store the data you have submitted in your application in our applicant pool for twelve months after the end of the application process to identify any other vacancies of interest to you and to contact you again if necessary.

 

To which recipients is the data passed on?

 

We use the technical support of the Software of Personio for our application process. Personio is provided to us by Personio GmbH. The data you submitted will be processed by Personio on our behalf for the purpose of carrying out and processing the application process. We have concluded a data processing agreement with Personio GmbH according to the requirements of art. 28 para. 3 GDPR.


Visiting the site/Cookies

 

Access data is automatically collected from your web browser each time you access our website. Access data includes in particular:


  • IP address of the requesting device
  • date and time of access
  • address of the web page accessed and the requested web page
  • web browser you use and the operating system of your device
  • online ID (e.g. device IDs, session IDs).

The processing of the access data is only collected for the purpose of enabling you to visit the website and to ensure the long term functionality and security of our system. In this respect, legal basis for the data processing is art. 6 para. 1 lit. f GDPR. Our legitimate interest follows the aforementioned purposes. For data protection reasons, log files are only stored or analyzed temporarily.


When you visit and use our website, so-called “session cookies” are installed and stored on your computer. Cookies are small text files that are used to make the use of our services more user-friendly, more efficient and safe. They do not cause any damage to your computer and do not contain any viruses.


As a rule, session cookies are automatically deleted after your visit. You have the option of deactivating the storage of cookies by making appropriate settings in your browser. However, we would like to point out that you may in this case not access all functions of this website without restrictions. In this respect, the legal basis for the data processing is art. 6 para. 1 lit. f GDPR.


For more detailed information, please have a look at the cookies section in our privacy notice.


Online meetings via Microsoft Teams ("Teams") 

 

For a first and/or consecutive interviews we may use Teams if it is preferable to a face-to-face meeting or an initial telephone call. Teams is a software of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"), available as desktop, web and mobile app. It is used by us in particular for conducting digital conferences with business partners and applicants.


Legal basis for data processing is our legitimate interest in the effective conduct of meetings in accordance with Art. 6 para. 1 lit. f GDPR. We are not responsible for further data processing on the product website of Teams, where the desktop software can be downloaded, and the web app can be used.


During a meeting the following data may be processed under certain circumstances:

Information about the participant: if applicable, display name, first name, last name, telephone, e-mail address, password (encrypted for authentication), profile picture;

Metadata: meeting topic and description, IP address, participant's phone number, type of device/software (Windows/Mac/Linux/Web/iOS/Android Phone/Windows Phone), time of participant´s last activity on teams, number of chat and channel messages, number of meetings attended, duration of time for audio, video, and screen sharing;

When using chat or channel messages: text data for display and, if applicable, logging;

For audio use: recording data of microphone;

When using video: recording data of video camera;

For phone usage: incoming and outgoing phone numbers, country name, start and end time, if applicable other connection data, such as the IP address of the device.

 

In order to participate in a meeting, you must at least provide information about your name and - in case of telephone use - your telephone number, unless we make it possible to participate anonymously in meetings. In the latter case, we will inform you of this possibility of anonymous participation in the invitation. You can deactivate transmission via microphone and camera at any time via the corresponding settings. We will only record meetings or log text data with your consent and prior notification. Microsoft stores and uses the metadata to enable us to analyze and report on team usage.


Microsoft may obtain knowledge of the above-mentioned data in the course of processing orders in order to process them. All data traffic is encrypted (MTLS, TLS, or SRTP) and is generally performed at European servers. In case data are processed in the USA, we have agreed upon Standard Contractual Clauses with Microsoft as legal basis for data transfer and Microsoft has registered under Data Privacy Framework. Therefore, the transfer of personal data is based on the EU Commission's latest adequacy decision for data transfers to the USA. For more information, please find enclosed the Microsoft Privacy Policy.

 

Your rights 

 

You have the right to request information about the processing of your personal data by us according to art. 15 GDPR. Furthermore you have the right to rectification in accordance to art. 16 GDPR, the right to erasure under art. 17 GDPR, the right to restriction of processing under art. 18 GDPR, the right to notification under art. 19 and the right to data portability under art. 20 GDPR.


Also, you have the right according to art. 21 GDPR to object to the processing of your personal data, insofar as the processing of your personal data takes place in accordance with art. 6 para.1 lit. f) GDPR.


Insofar as the processing of your personal data takes place on the basis of your consent, you are entitled to revoke your consent to the processing of your personal data at any time in according to art. 7 para. 3 GDPR. Please note that the revocation will only take effect in the future.


Right of appeal

 

You have the right to file a complaint about the personal data processing to the data protection supervisory authority responsible for us. You can assert this right with a supervisory authority in the Member State in which you are resident, your place of work or the place of the suspected infringement. In Berlin the competent supervisory authority is: Berlin Commissioner for Privacy and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Germany.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.